Fix Fedora UEFI Boot with encrypted partitions

I recently upgraded my laptop, a Lenovo X1 Carbon 4th gen, to Fedora 32, which is still in Beta, but with just two weeks until its scheduled release, I deemed it stable enough for my purposes.

The upgrade process went smoothly and everything worked fine. I really like the new lockscreen, it looks really clean.

As usual with the beta releases, there are quite many updates and I usually run a sudo dnf upgrade once a day. I also do not really pay attention to what is actually upgraded, it is simply too much.

One of these upgrades seems to have broken my startup system. After a restart, the Grub selection did not appear at all and instead Windows started immediately. This seemed odd, so I started investigating.

First thing I did was to open the Boot selection menu of the laptop. It lists all the available boot options and still contains the Fedora entry. Selecting it resulted in nothing, instead the very same selection screen reappeared immediately. Windows could be selected and booted up without issues, so I guess that the system automatically tries all entries in order until it finds one that actually works.

My task now was to fix the issue. This turned out to be a bit trickier due to UEFI and the fact that my Linux partitions are encrypted. Most forum entries and manual pages consider simpler cases, where either it is not a UEFI system or where everything is unencrypted. Hence, I will list all steps to help anyone and to have a reference in case this happens again.

I started off by downloading the Fedora Media Writer and the Fedora 32 DVD ISO from the Fedora download page. It might have worked with the stable Fedora 31 release as well, but I didn’t want to take any chances. I then created a Live CD on a USB stick.

Next, I booted from the USB stick, started the Live version of Fedora, opened a terminal, made myself a superuser with the su command and listed all my disk partitions:

# fdisk -l
Festplatte /dev/nvme0n1: 476,96 GiB, 512110190592 Bytes, 1000215216 Sektoren
Festplattenmodell: SAMSUNG MZVKV512HAJH-000L1              
Einheiten: Sektoren von 1 * 512 = 512 Bytes
Sektorgröße (logisch/physikalisch): 512 Bytes / 512 Bytes
E/A-Größe (minimal/optimal): 512 Bytes / 512 Bytes
Festplattenbezeichnungstyp: gpt
Festplattenbezeichner: 2C4E590F-0E6F-4950-9740-F8C04BCDCC5E

Gerät             Anfang       Ende  Sektoren  Größe Typ
/dev/nvme0n1p1      2048     534527    532480   260M EFI-System
/dev/nvme0n1p2    534528     567295     32768    16M Microsoft reserviert
/dev/nvme0n1p3    567296  362516479 361949184 172,6G Microsoft Basisdaten
/dev/nvme0n1p4 998166528 1000214527   2048000  1000M Windows-Wiederherstellungsumgebung
/dev/nvme0n1p5 362516480  364613631   2097152     1G Linux-Dateisystem
/dev/nvme0n1p6 364613632  998166527 633552896 302,1G Linux-Dateisystem

We can see that the EFI partition is /dev/nvme0n1p1, the Linux /boot partition can be determined by its size of 1 GB and is /dev/nvme0n1p5, and finally the main Linux partition with all encrypted partitions is /dev/nvme0n1p6.
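
The partitions can also be told apart by type rather than by size. The following script is an added example, not part of the original post: it classifies the output of lsblk by GPT partition type and filesystem signature, going slightly beyond the size-based identification above. The function name, the role labels and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): classify partitions by type
# instead of by size, using `lsblk --pairs` output.

# GPT type GUID of an EFI System Partition, as defined by the UEFI spec.
ESP_GUID='c12a7328-f81f-11d2-ba4b-00a0c93ec93b'

# Reads `lsblk -p -P -o NAME,FSTYPE,PARTTYPE` lines on stdin and prints
# "<role> <device>" for every partition the repair needs.
classify_partitions() {
    awk -v esp="$ESP_GUID" '
    {
        line = $0; name = fstype = parttype = ""
        # Walk the KEY="value" tokens instead of eval-ing the line.
        while (match(line, /[A-Z]+="[^"]*"/)) {
            tok  = substr(line, RSTART, RLENGTH)
            line = substr(line, RSTART + RLENGTH)
            eq   = index(tok, "=")
            key  = substr(tok, 1, eq - 1)
            val  = substr(tok, eq + 2, length(tok) - eq - 2)
            if (key == "NAME") name = val
            else if (key == "FSTYPE") fstype = val
            else if (key == "PARTTYPE") parttype = val
        }
        # The ESP is identified by its GPT type, LUKS by its signature;
        # an unencrypted ext4/xfs partition is a candidate for /boot.
        if (tolower(parttype) == esp) print "esp", name
        else if (fstype == "crypto_LUKS") print "luks", name
        else if (fstype == "ext4" || fstype == "xfs") print "boot-candidate", name
    }'
}

# Constructed sample modelled on the layout in the post (not real output).
SAMPLE_LSBLK='NAME="/dev/nvme0n1" FSTYPE="" PARTTYPE=""
NAME="/dev/nvme0n1p1" FSTYPE="vfat" PARTTYPE="c12a7328-f81f-11d2-ba4b-00a0c93ec93b"
NAME="/dev/nvme0n1p2" FSTYPE="" PARTTYPE="e3c9e316-0b5c-4db8-817d-f92df00215ae"
NAME="/dev/nvme0n1p3" FSTYPE="ntfs" PARTTYPE="ebd0a0a2-b9e5-4433-87c0-68b6b72699c7"
NAME="/dev/nvme0n1p4" FSTYPE="ntfs" PARTTYPE="de94bba4-06d1-4d40-a16a-bfd50179d6ac"
NAME="/dev/nvme0n1p5" FSTYPE="ext4" PARTTYPE="0fc63daf-8483-4772-8e79-3d69d8477de4"
NAME="/dev/nvme0n1p6" FSTYPE="crypto_LUKS" PARTTYPE="0fc63daf-8483-4772-8e79-3d69d8477de4"'

# On the live system: lsblk -p -P -o NAME,FSTYPE,PARTTYPE | classify_partitions
printf '%s\n' "$SAMPLE_LSBLK" | classify_partitions
```
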

Next, we need to unlock the encrypted partition:

# udisksctl unlock -b /dev/nvme0n1p6

This prompts us to enter our password for decrypting the partition and it provides all the logical volumes under /dev/mapper. In my case, the actual partitions can be accessed at /dev/mapper/fedora-root, /dev/mapper/fedora-home and /dev/mapper/fedora-swap, respectively.

Now we can start to mount our real Fedora installation into some directory in order to repair it. First, we need some main directory under which to mount everything:

# mkdir /mnt/root

and now we can mount all directories:
# mount /dev/mapper/fedora-root /mnt/root

# mount /dev/nvme0n1p5 /mnt/root/boot

# mount /dev/nvme0n1p1 /mnt/root/boot/efi

# mount -t proc proc /mnt/root/proc

Although this could already be sufficient, I needed to make the Wireless network from my live instance available in the environment which will be used for chroot:

# mv /mnt/root/etc/resolv.conf /mnt/root/etc/resolv.conf.backup

# cp /etc/resolv.conf /mnt/root/etc/resolv.conf

Finally I could change into my prepared environment

# chroot /mnt/root /bin/bash

… and actually repair the UEFI setup:

# dnf install grub2-efi shim

# dnf reinstall grub2-efi shim

After all of this, the system should be ready to be rebooted.

I hope these steps are helpful to someone else than just me 🙂

Why 2018 won’t be the year of Linux on the desktop – again

The „Year of Linux on the desktop“ seems to be kind of a running gag. For years now, people have predicted that „this is going to be the year where Linux will win the desktop“. I (and others) think, this is not gonna happen in 2018. And I also assume that it won’t happen in 2019.

Before I start my rant about the reasons, let me state a few things. When I say „Linux“, I mean any Linux distribution out there. Fedora, Ubuntu, Arch – you name it. Also: I am a big fan of Linux myself. I’ve been using it since the days of Debian 2.something around 1998, and RedHat/Fedora has been my main desktop (and laptop) operating system for more than 15 years now. By all means I am a huge fan of the whole idea of Linus’s work and everything around it. Nevertheless, I don’t see it going anywhere further on the desktop.

Secondly, the reason for me writing about it now is the continuing dissatisfaction around Apple and macOS (aka OS X). At work, I use a MacBook Pro with Retina display and I like the combination of hard- and software! But I hear many colleagues complaining about the ever-increasing price tag on the hardware. For their private hardware, quite a few are switching back to non-Apple choices. I for myself bought a Lenovo X1 Carbon instead of a MacBook Pro, only because of the price. And the experiences with Linux on this machine made me realize why Linux is not working for the masses.

Here is an unsorted list of reasons which I think are at least part of the reason, why not even 2018 will be the year of Linux on the desktop.

A New Beginning

Today was my last day at my current employer, it-motive AG. After more than 4 1/2 years I am saying “goodbye” and would like to say thank you here once more for the many great projects that I was able to tackle together with my colleagues and customers. They were interesting and instructive years.

Nevertheless, I have decided for myself to simply do something new for once.

IntelliJ 13.1 and SVN 1.8 (on Windows)

Today I spent some time getting IntelliJ Idea 13.1 to work with our Subversion. Apparently there are some bugs that unfortunately make working with SVN 1.7 considerably harder.

One way to get around this problem is simply to use a command-line client for SVN. IntelliJ can integrate it directly (Settings -> Version Control -> Subversion -> General -> Use command line client). On Windows you can, for example, use the SlikSVN binary for this. That gives you an SVN binary that you can use there. In addition, with a current SVN, a working copy in version 1.8 is possible right away.

Almost.

Because from now on every commit produces the error message “Could not Commit: wrong revision” (or something like that). Strange … investigated right away: the commit was carried out successfully, the working copy is correct too, and yet IntelliJ throws this error?

I played around a bit on the command line (aka: DOSBox), looked at the source code of the relevant IntelliJ class, and then it slowly dawned on me …

When the SVN command-line client is used, the output after a commit is parsed to determine the new revision. Apparently it is assumed that the program always runs in English and that the output therefore reads “Committed revision 123”. However, SlikSVN also installs translations by default, so the message reads “Revision 123 übertragen”. IntelliJ cannot interpret this correctly, which is why the error message is thrown. So simply uninstall the SlikSVN translations, and then this combination works too.

I don’t know whether this only occurs on non-English Windows systems, but at least it is something that cost me a full three hours of my time today!